[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.198038] audit: type=1400 audit(1514421800.574:5): avc: denied { syslog } for pid=3004 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 16.168550] audit: type=1400 audit(1514421805.545:6): avc: denied { map } for pid=3142 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts.
executing program
[ 24.582804] audit: type=1400 audit(1514421813.959:7): avc: denied { map } for pid=3157 comm="syzkaller826623" path="/root/syzkaller826623437" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 24.585788] ==================================================================
[ 24.585806] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40
[ 24.585808]
[ 24.585815] CPU: 0 PID: 3157 Comm: syzkaller826623 Not tainted 4.15.0-rc4-mm1+ #49
[ 24.585819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.585822] Call Trace:
[ 24.585832]  dump_stack+0x194/0x257
[ 24.585844]  ? arch_local_irq_restore+0x53/0x53
[ 24.585854]  ? show_regs_print_info+0x18/0x18
[ 24.585861]  ? __lock_is_held+0xb6/0x140
[ 24.585877]  ? relay_open+0x6a1/0xa40
[ 24.585887]  print_address_description+0x73/0x250
[ 24.585894]  ? relay_open+0x6a1/0xa40
[ 24.585900]  ? relay_open+0x6a1/0xa40
[ 24.585908]  kasan_report_double_free+0x55/0x80
[ 24.585919]  kasan_slab_free+0xa3/0xc0
[ 24.585929]  kfree+0xd6/0x260
[ 24.585940]  relay_open+0x6a1/0xa40
[ 24.585956]  ? relay_open_buf.part.10+0x9b0/0x9b0
[ 24.585970]  ? __debugfs_create_file+0x2cf/0x3d0
[ 24.585986]  ? debugfs_create_file+0x57/0x70
[ 24.586005]  do_blk_trace_setup+0x4a4/0xcd0
[ 24.586021]  ? blk_tracer_print_line+0x40/0x40
[ 24.586032]  ? __might_sleep+0x95/0x190
[ 24.586050]  ? kasan_check_write+0x14/0x20
[ 24.586058]  ? _copy_from_user+0x99/0x110
[ 24.586071]  __blk_trace_setup+0xbe/0x150
[ 24.586082]  ? do_blk_trace_setup+0xcd0/0xcd0
[ 24.586115]  blk_trace_setup+0x4d/0x70
[ 24.586131]  sg_ioctl+0xc71/0x2d90
[ 24.586140]  ? lock_release+0xa40/0xa40
[ 24.586148]  ? __handle_mm_fault+0x80e/0x3ce0
[ 24.586161]  ? sg_new_write.isra.18+0x870/0x870
[ 24.586169]  ? __pmd_alloc+0x4e0/0x4e0
[ 24.586181]  ? is_bpf_text_address+0xa4/0x120
[ 24.586198]  ? avc_has_extended_perms+0x7fa/0x12c0
[ 24.586221]  ? avc_ss_reset+0x110/0x110
[ 24.586247]  ? __do_page_fault+0x5f7/0xc90
[ 24.586293]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 24.586300]  ? up_read+0x1a/0x40
[ 24.586310]  ? rcu_note_context_switch+0x710/0x710
[ 24.586330]  ? sg_new_write.isra.18+0x870/0x870
[ 24.586337]  do_vfs_ioctl+0x1b1/0x1520
[ 24.586344]  ? _cond_resched+0x14/0x30
[ 24.586359]  ? ioctl_preallocate+0x2b0/0x2b0
[ 24.586371]  ? selinux_capable+0x40/0x40
[ 24.586384]  ? putname+0xf3/0x130
[ 24.586396]  ? do_sys_open+0x320/0x6d0
[ 24.586423]  ? security_file_ioctl+0x89/0xb0
[ 24.586437]  SyS_ioctl+0x8f/0xc0
[ 24.586452]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.586458] RIP: 0033:0x443de9
[ 24.586462] RSP: 002b:00007ffe6b5ec978 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[ 24.586470] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443de9
[ 24.586474] RDX: 0000000020001f8a RSI: 00000000c0481273 RDI: 0000000000000003
[ 24.586478] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[ 24.586482] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000401ad0
[ 24.586486] R13: 0000000000401b60 R14: 0000000000000000 R15: 0000000000000000
[ 24.586513]
[ 24.586517] Allocated by task 3157:
[ 24.586523]  save_stack+0x43/0xd0
[ 24.586528]  kasan_kmalloc+0xad/0xe0
[ 24.586534]  kmem_cache_alloc_trace+0x136/0x750
[ 24.586539]  relay_open+0xf2/0xa40
[ 24.586544]  do_blk_trace_setup+0x4a4/0xcd0
[ 24.586550]  __blk_trace_setup+0xbe/0x150
[ 24.586556]  blk_trace_setup+0x4d/0x70
[ 24.586560]  sg_ioctl+0xc71/0x2d90
[ 24.586565]  do_vfs_ioctl+0x1b1/0x1520
[ 24.586570]  SyS_ioctl+0x8f/0xc0
[ 24.586576]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.586577]
[ 24.586580] Freed by task 3157:
[ 24.586585]  save_stack+0x43/0xd0
[ 24.586591]  kasan_slab_free+0x71/0xc0
[ 24.586595]  kfree+0xd6/0x260
[ 24.586600]  relay_open+0x84a/0xa40
[ 24.586606]  do_blk_trace_setup+0x4a4/0xcd0
[ 24.586611]  __blk_trace_setup+0xbe/0x150
[ 24.586617]  blk_trace_setup+0x4d/0x70
[ 24.586622]  sg_ioctl+0xc71/0x2d90
[ 24.586626]  do_vfs_ioctl+0x1b1/0x1520
[ 24.586631]  SyS_ioctl+0x8f/0xc0
[ 24.586637]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.586638]
[ 24.586643] The buggy address belongs to the object at ffff8801cc749340
[ 24.586643]  which belongs to the cache kmalloc-512 of size 512
[ 24.586649] The buggy address is located 0 bytes inside of
[ 24.586649]  512-byte region [ffff8801cc749340, ffff8801cc749540)
[ 24.586651] The buggy address belongs to the page:
[ 24.586656] page:ffffea000731d240 count:1 mapcount:0 mapping:ffff8801cc7490c0 index:0x0
[ 24.586663] flags: 0x2fffc0000000100(slab)
[ 24.586672] raw: 02fffc0000000100 ffff8801cc7490c0 0000000000000000 0000000100000006
[ 24.586679] raw: ffffea0007246f60 ffffea0007246de0 ffff8801dac00940 0000000000000000
[ 24.586682] page dumped because: kasan: bad access detected
[ 24.586684]
[ 24.586686] Memory state around the buggy address:
[ 24.586691]  ffff8801cc749200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.586696]  ffff8801cc749280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 24.586701] >ffff8801cc749300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 24.586704]                                            ^
[ 24.586709]  ffff8801cc749380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.586714]  ffff8801cc749400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.586716] ==================================================================
[ 24.586718] Disabling lock debugging due to kernel taint
[ 24.586722] Kernel panic - not syncing: panic_on_warn set ...
[ 24.586722]
[ 24.586728] CPU: 0 PID: 3157 Comm: syzkaller826623 Tainted: G B 4.15.0-rc4-mm1+ #49
[ 24.586731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.586733] Call Trace:
[ 24.586739]  dump_stack+0x194/0x257
[ 24.586747]  ? arch_local_irq_restore+0x53/0x53
[ 24.586753]  ? kasan_end_report+0x32/0x50
[ 24.586760]  ? lock_downgrade+0x980/0x980
[ 24.586766]  ? vsnprintf+0x1ed/0x1900
[ 24.586776]  panic+0x1e4/0x41c
[ 24.586783]  ? refcount_error_report+0x214/0x214
[ 24.586792]  ? add_taint+0x40/0x50
[ 24.586798]  ? add_taint+0x1c/0x50
[ 24.586805]  ? relay_open+0x6a1/0xa40
[ 24.586810]  ? relay_open+0x6a1/0xa40
[ 24.586816]  kasan_end_report+0x50/0x50
[ 24.586823]  kasan_report_double_free+0x72/0x80
[ 24.586831]  kasan_slab_free+0xa3/0xc0
[ 24.586838]  kfree+0xd6/0x260
[ 24.586846]  relay_open+0x6a1/0xa40
[ 24.586856]  ? relay_open_buf.part.10+0x9b0/0x9b0
[ 24.586865]  ? __debugfs_create_file+0x2cf/0x3d0
[ 24.586875]  ? debugfs_create_file+0x57/0x70
[ 24.586885]  do_blk_trace_setup+0x4a4/0xcd0
[ 24.586896]  ? blk_tracer_print_line+0x40/0x40
[ 24.586902]  ? __might_sleep+0x95/0x190
[ 24.586914]  ? kasan_check_write+0x14/0x20
[ 24.586919]  ? _copy_from_user+0x99/0x110
[ 24.586928]  __blk_trace_setup+0xbe/0x150
[ 24.586936]  ? do_blk_trace_setup+0xcd0/0xcd0
[ 24.586955]  blk_trace_setup+0x4d/0x70
[ 24.586964]  sg_ioctl+0xc71/0x2d90
[ 24.586971]  ? lock_release+0xa40/0xa40
[ 24.586978]  ? __handle_mm_fault+0x80e/0x3ce0
[ 24.586986]  ? sg_new_write.isra.18+0x870/0x870
[ 24.586993]  ? __pmd_alloc+0x4e0/0x4e0
[ 24.587000]  ? is_bpf_text_address+0xa4/0x120
[ 24.587010]  ? avc_has_extended_perms+0x7fa/0x12c0
[ 24.587024]  ? avc_ss_reset+0x110/0x110
[ 24.587039]  ? __do_page_fault+0x5f7/0xc90
[ 24.587065]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 24.587070]  ? up_read+0x1a/0x40
[ 24.587079]  ? rcu_note_context_switch+0x710/0x710
[ 24.587091]  ? sg_new_write.isra.18+0x870/0x870
[ 24.587097]  do_vfs_ioctl+0x1b1/0x1520
[ 24.587103]  ? _cond_resched+0x14/0x30
[ 24.587112]  ? ioctl_preallocate+0x2b0/0x2b0
[ 24.587121]  ? selinux_capable+0x40/0x40
[ 24.587129]  ? putname+0xf3/0x130
[ 24.587137]  ? do_sys_open+0x320/0x6d0
[ 24.587151]  ? security_file_ioctl+0x89/0xb0
[ 24.587160]  SyS_ioctl+0x8f/0xc0
[ 24.587169]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.587173] RIP: 0033:0x443de9
[ 24.587176] RSP: 002b:00007ffe6b5ec978 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[ 24.587182] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443de9
[ 24.587186] RDX: 0000000020001f8a RSI: 00000000c0481273 RDI: 0000000000000003
[ 24.587189] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[ 24.587193] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000401ad0
[ 24.587196] R13: 0000000000401b60 R14: 0000000000000000 R15: 0000000000000000
[ 24.609121] Dumping ftrace buffer:
[ 24.609125]    (ftrace buffer empty)
[ 24.609128] Kernel Offset: disabled
[ 25.386899] Rebooting in 86400 seconds..